IS risks and operational risk management in banks
More about the book
Financial risk management has always been a core business of banks. However, in recent years operational risks have gained in importance. This manifests itself, for example, in the New Basel Capital Accord and is similarly expressed in the Sarbanes-Oxley Act. Because business processes in the banking industry rely heavily on information systems (IS), the emerging demand for operational risk management calls specifically for a contribution from the IS discipline. An empirical study of the Top 100 German banks was conducted, which yielded data from 43 face-to-face interviews all over Germany. Managers from both the IS/IT department and the risk management department participated in the interviews. Three key perspectives of IS risk management were investigated. First, evidence was provided that existing approaches from the IS discipline cannot sufficiently contribute to sound IS risk management. In the second key perspective, current operational risk management activities in the German banking industry were explored. Finally, the third key perspective reveals banks’ requirements for sound management of IS risks as operational risks. This research can provide significant value to both academia and practitioners. Several suggestions are developed that may help banks on their way to implementing the recommendations of the Basel Committee on Banking Supervision by 2007. Further, this thesis represents a first step towards an IS risk management approach that supports the complete risk management process and covers all four categories of IS risks as operational risks during the entire system life cycle. Insights from the results may be transferred to other industries with a high dependency on IS, such as the insurance industry, which is subject to Solvency II.